Forum Discussion
Miguel_111028
Nimbostratus
NimbostratusInserting SSL client certificate into the header of the HTTP session
Hello group,
I do not have much experience in creating iRules and I need to set an iRule to an https virtual server type with client certificate authentication. The iRule should do the...
Miguel_111028Nimbostratus
NimbostratusThanks you Aaron,
I have try your suggestion, but in the end I opted for the following iRule:
when CLIENTSSL_CLIENTCERT
{
set cur [SSL::sessionid]
set ask [session lookup ssl $cur]
if { $ask eq "" } {
session add ssl [SSL::sessionid] [SSL::cert 0]
}
}
when HTTP_REQUEST
{
set id [SSL::sessionid]
set the_cert [session lookup ssl $id]
if { $the_cert != ""}
{
HTTP::header insert x-client-cert [X509::whole $the_cert]
}
}
This iRule seems to work, but only when the ssl Client authentication profile is set to request. I need to use this iRule when the client authentication profile is set to require.
I think I’m forgetting something in the iRule sintaxis. When I set the ssl client profile to require cert authentication, the bigip break the ssl tunnel and don’t send anything to the backend server. It could be a bug? or am I need to add something to the syntax of the iRule when I want to use certificate authentication in required.?
Any suggestions?
We also need to create an iRule (or add this functionality to same iRule) to rewrite the protocol of the "Location" header that the user's browser send, that is, if the bigip see the following header:
“Location: http://anything” should rewrite it to “Location:https://anything/”.
I’m in version 9.4.5 build 1049.10 Final
Thanks you in advance.
Miguel Angel.